Password Solution for Regulatory PainBy Bill McQuaid | Posted 2010-04-08 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
A Maine hospital merged all its data into one Health Care Information System and deployed a single sign-on solution combined with biometrics.
Regulatory and other challenges unique to the health care sector prompted Parkview Adventist Medical Center, an acute-care hospital in Brunswick, Maine, to re-evaluate its IT investments. Bill McQuaid, Parkview’s CIO and assistant vice president, explains how the institution’s IT team combined all its data into a single Health Care Information System, while deploying a single sign-on solution combined with finger biometrics. These changes reduced IT support costs and resource requirements, while also increasing user productivity.
For years, Parkview Adventist Medical Center had taken a best-of-breed approach with interfaces to health care information systems, deploying a variety of niche solutions for everything from admissions to radiology. Besides making IT management increasingly complex, this approach led to discontent among the medical center’s 350 clinicians, who complained about the need to constantly sign in and out of critical applications.
In addition, the clinicians were not interested in new applications. That made persuading them to buy into advanced clinical applications a real challenge.
Further complicating matters, strict regulations like the Health Insurance Portability and Accountability Act (HIPAA) were put in place to protect patient information. Another area of contention was the Computer Physician Order Entry (CPOE) system, which requires doctors to use computers to order their own products.
Under these restrictions, we had to protect patient information, while giving clinical staff the ability to walk up to any workstation and securely log onto the network. The staff needed real-time access to applications and information that would enable them to provide timely care and service to patients. What we needed was a solution that could address all these issues and concerns.
One password, One Fingertip
Our leadership IT team set out to combine all the institution’s data into a single Health Care Information System (HCIS). After evaluating a number of technologies, we determined that clinical applications from Medical Information Technology (MEDITECH) would best serve the hospital’s needs. We also saw an opportunity to strengthen security and relieve the clinicians’ login/logout pains by deploying a single sign-on (SSO) solution combined with finger biometrics.
When our IT team began investigating SSO solutions that would work with the MEDITECH system and support finger biometrics, we received advice from reseller Forward Advantage. This led us to Imprivata OneSign, an appliance that strengthens network and application security by enabling easy, secure SSO to any application, whether Web, client/server or legacy. We found two features particularly useful for us: the all-in-one package and the easy deployment.
The SSO technology lets each user sign on to all our applications using a single password. Plus, we incorporated finger biometric scanning into the solution, which enables our doctors and nurses to log on to any PC with a single fingertip swipe. Because finger biometrics offers strong authentication, this improves IT security and helps meet compliance guidelines.
Users enroll one or more fingerprints via a scanner, which records them in a file associated with each user’s identification information. Thereafter, when logging on, the user scans his or her fingerprint, which is compared with the print on file to complete the authentication process.
The finger biometric readers are placed on stationary PCs or on computers on wheels (COWs) throughout the hospital. This gives clinicians the convenience of full access to the applications they need to be effective, while helping the hospital comply with HIPAA.
We knew our IT team would need the clinicians’ support to implement a new HCIS system, so when we went live with OneSign, we gave access to only a few clinicians. When others saw how easy it was to gain access to applications with SSO and finger biometrics, they became more interested in the project. Our staff and clinicians rushed to sign up for the training that was required before they could use biometrics.